feat(policies): Chainloop discover custom builtin #2558

Merged
migmartri merged 1 commit into chainloop-dev:main from jiparis:PFM-781-discover
Nov 17, 2025

Conversation

@jiparis (Member) commented Nov 17, 2025

This PR extends the CLI to support access to the Discover endpoint as a custom Rego builtin function. This is an example of extending the engine using the extension mechanism provided in #2552.

To use it in policies:

```yaml
apiVersion: workflowcontract.chainloop.dev/v1
kind: Policy
metadata:
  name: policy-builtins
spec:
  policies:
    - kind: CONTAINER_IMAGE
      embedded: |
        package main
        import rego.v1

        result := {"violations": violations}

        violations contains msg if {
          digest := sprintf("sha256:%s", [input.chainloop_metadata.digest.sha256])
          discovered := chainloop.discover(digest, "")

          some ref in discovered.references
          ref.kind == "ATTESTATION"
          ref.metadata.hasPolicyViolations == "true"

          msg := sprintf("attestation with digest %s contains policy violations [name: %s, project: %s, org: %s]", [ref.digest, ref.metadata.name, ref.metadata.project, ref.metadata.organization])
        }
```

```console
> go run app/cli/main.go policy devel eval --material ghcr.io/chainloop-dev/chainloop/control-plane:v1.57.0-amd64 --policy test/policy-builtins.yaml
{
   "result": {
      "violations": [
         "attestation with digest sha256:5d2ae3589cd46277fb83b1e9a3eb4c58dfb0c1e042729520119ed0533ef7cd6d contains policy violations [name: release, project: chainloop, org: read-only-demo]"
      ],
      "skip_reasons": [],
      "skipped": false
   }
}
```

Signed-off-by: Jose I. Paris <jiparis@chainloop.dev>
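The PR description above shows the builtin from the policy side only. The following Go program is an added example, not code from this PR or from the Chainloop project: it models the contract of a `chainloop.discover(digest, kind)` builtin against an in-memory fake of the Discover endpoint and reproduces the policy's violation rule in Go, so the behaviour can be exercised offline. The `Reference`, `DiscoverResult` and `Discoverer` types, the sample digests and the `fakeIndex` data are all constructed for this example; the reference field names (`kind`, `digest`, `metadata.hasPolicyViolations`, `metadata.name`, `metadata.project`, `metadata.organization`) are taken from the policy on this page. Treating the builtin's second argument as an optional kind filter is an assumption, as the page does not document it.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Reference carries the fields the policy on this page reads from
// chainloop.discover(...).references. Constructed type, not Chainloop's own.
type Reference struct {
	Kind     string
	Digest   string
	Metadata map[string]string
}

// DiscoverResult is the return shape the policy consumes.
type DiscoverResult struct {
	References []Reference
}

// Discoverer abstracts the control-plane Discover endpoint so the builtin
// logic can run offline against a fake. Assumption: the real builtin would
// call the endpoint over the gRPC connection shown in the PR snippets.
type Discoverer interface {
	Discover(digest string) ([]Reference, error)
}

var digestRe = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// DiscoverBuiltin models the builtin: reject a malformed digest before it
// reaches the backend, then apply the second argument as an optional kind
// filter (assumed semantics; the page does not document the second argument).
func DiscoverBuiltin(d Discoverer, digest, kind string) (DiscoverResult, error) {
	if !digestRe.MatchString(digest) {
		return DiscoverResult{}, fmt.Errorf("discover: malformed digest %q", digest)
	}
	refs, err := d.Discover(digest)
	if err != nil {
		return DiscoverResult{}, fmt.Errorf("discover: %w", err)
	}
	out := DiscoverResult{References: []Reference{}}
	for _, r := range refs {
		if kind == "" || r.Kind == kind {
			out.References = append(out.References, r)
		}
	}
	return out, nil
}

// Violations mirrors the policy's rule: one message per ATTESTATION reference
// whose metadata reports hasPolicyViolations == "true". Metadata values are
// strings, as in the policy, so the comparison is against the string "true".
func Violations(res DiscoverResult) []string {
	msgs := []string{}
	for _, ref := range res.References {
		if ref.Kind != "ATTESTATION" || ref.Metadata["hasPolicyViolations"] != "true" {
			continue
		}
		msgs = append(msgs, fmt.Sprintf(
			"attestation with digest %s contains policy violations [name: %s, project: %s, org: %s]",
			ref.Digest, ref.Metadata["name"], ref.Metadata["project"], ref.Metadata["organization"]))
	}
	sort.Strings(msgs)
	return msgs
}

// fakeIndex is an in-memory stand-in for the Discover endpoint keyed by
// artifact digest. An unknown digest yields no references rather than an
// error, modelling "nothing is known about this artifact".
type fakeIndex map[string][]Reference

func (f fakeIndex) Discover(digest string) ([]Reference, error) {
	return f[digest], nil
}

// Constructed placeholder digests for the sample data; not real artifacts.
var (
	ImageDigest       = "sha256:" + strings.Repeat("a", 64)
	AttestationDigest = "sha256:" + strings.Repeat("b", 64)
	UnknownDigest     = "sha256:" + strings.Repeat("c", 64)
)

// SampleIndex returns constructed discovery data: the image has one clean
// CONTAINER_IMAGE self-reference and one attestation flagged with violations.
func SampleIndex() Discoverer {
	return fakeIndex{
		ImageDigest: {
			{Kind: "CONTAINER_IMAGE", Digest: ImageDigest,
				Metadata: map[string]string{"name": "control-plane"}},
			{Kind: "ATTESTATION", Digest: AttestationDigest,
				Metadata: map[string]string{
					"hasPolicyViolations": "true",
					"name":                "release",
					"project":             "chainloop",
					"organization":        "read-only-demo",
				}},
		},
	}
}

func main() {
	res, err := DiscoverBuiltin(SampleIndex(), ImageDigest, "")
	if err != nil {
		panic(err)
	}
	for _, m := range Violations(res) {
		fmt.Println(m)
	}
}
```

One caveat worth keeping in mind when a policy depends on a network-backed builtin: by default OPA treats a builtin error as making the calling expression undefined rather than failing the query (the strict-builtin-errors option changes this), so a rule shaped like the one above reports no violations when discovery fails. The example returns the malformed-digest case as an explicit error so that this fail-open path is visible during testing.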
@migmartri (Member) left a comment:

Very cool!

```go
// }
//
// ```
func RegisterDiscoverBuiltin(conn *grpc.ClientConn) error {
```

@migmartri (Member) commented on this line:

one thing it would be nice to do (in the future) is to generate documentation of these built-ins. We do something for integrations already, like creating a markdown that then we can sync somewhere.

```go
// }
//
// ```
func RegisterDiscoverBuiltin(conn *grpc.ClientConn) error {
```

@migmartri (Member) commented on this line:

I think that in the future the input should evolve to a struct, so we can have controlplaneConnection, CAS, and platform connections if needed.

```go
}, getDiscoverImpl(conn))
}

func getDiscoverImpl(conn *grpc.ClientConn) topdown.BuiltinFunc {
```

@migmartri (Member) commented on this line:

it would be nice to have logger support, so when running devel with `--debug` we can see some info

@migmartri migmartri merged commit 2bb154d into chainloop-dev:main Nov 17, 2025
13 checks passed